icon-carat-right menu search cmu-wordmark

A Mapping of the Federal Financial Institutions Examination Council (FFIEC) Cybersecurity Assessment Tool (CAT) to the Cyber Resilience Review (CRR)

Technical Note
To help financial organizations assess cyber resilience, we map FFIEC Cybersecurity Assessment Tool (CAT) statements to Cyber Resilience Review (CRR) questions.
Publisher

Software Engineering Institute

CMU/SEI Report Number
CMU/SEI-2016-TN-008

Abstract

This technical note describes the methodology we used and the observations we made while mapping the declarative statements found in the Federal Financial Institutions Examination Council (FFIEC) Cybersecurity Assessment Tool (CAT) to the practice questions found in the Cyber Resilience Review (CRR). This mapping enables financial organizations to use CRR results not only to gauge their cyber resilience, but to examine their current baseline with respect to the FFIEC CAT and the National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF). The mapping in this technical note is proposed by three senior engineers from the CERT Division of the Carnegie Mellon University Software Engineering Institute; these engineers are skilled in conducting CRRs and familiar with all practice questions and question guidance. Two also have the advantage of several years of experience in the financial sector. The team relied on their experience along with previous mappings of the CRR and FFIEC CAT to the NIST CSF to propose the mapping in this technical note.

Cite This Technical Note

Pinckard, J., Rattigan, M., & Vrtis, R. (2016, October 25). A Mapping of the Federal Financial Institutions Examination Council (FFIEC) Cybersecurity Assessment Tool (CAT) to the Cyber Resilience Review (CRR). (Technical Note CMU/SEI-2016-TN-008). Retrieved December 22, 2024, from https://insights.sei.cmu.edu/library/a-mapping-of-the-federal-financial-institutions-examination-council-ffiec-cybersecurity-assessment-tool-cat-to-the-cyber-resilience-review-crr/.

@techreport{pinckard_2016,
author={Pinckard, Jeffrey and Rattigan, Michael and Vrtis, Robert},
title={A Mapping of the Federal Financial Institutions Examination Council (FFIEC) Cybersecurity Assessment Tool (CAT) to the Cyber Resilience Review (CRR)},
month={{Oct},
year={{2016},
number={{CMU/SEI-2016-TN-008},
howpublished={Carnegie Mellon University, Software Engineering Institute's Digital Library},
url={https://insights.sei.cmu.edu/library/a-mapping-of-the-federal-financial-institutions-examination-council-ffiec-cybersecurity-assessment-tool-cat-to-the-cyber-resilience-review-crr/},
note={Accessed: 2024-Dec-22}
}

Pinckard, Jeffrey, Michael Rattigan, and Robert Vrtis. "A Mapping of the Federal Financial Institutions Examination Council (FFIEC) Cybersecurity Assessment Tool (CAT) to the Cyber Resilience Review (CRR)." (CMU/SEI-2016-TN-008). Carnegie Mellon University, Software Engineering Institute's Digital Library. Software Engineering Institute, October 25, 2016. https://insights.sei.cmu.edu/library/a-mapping-of-the-federal-financial-institutions-examination-council-ffiec-cybersecurity-assessment-tool-cat-to-the-cyber-resilience-review-crr/.

J. Pinckard, M. Rattigan, and R. Vrtis, "A Mapping of the Federal Financial Institutions Examination Council (FFIEC) Cybersecurity Assessment Tool (CAT) to the Cyber Resilience Review (CRR)," Carnegie Mellon University, Software Engineering Institute's Digital Library. Software Engineering Institute, Technical Note CMU/SEI-2016-TN-008, 25-Oct-2016 [Online]. Available: https://insights.sei.cmu.edu/library/a-mapping-of-the-federal-financial-institutions-examination-council-ffiec-cybersecurity-assessment-tool-cat-to-the-cyber-resilience-review-crr/. [Accessed: 22-Dec-2024].

Pinckard, Jeffrey, Michael Rattigan, and Robert Vrtis. "A Mapping of the Federal Financial Institutions Examination Council (FFIEC) Cybersecurity Assessment Tool (CAT) to the Cyber Resilience Review (CRR)." (Technical Note CMU/SEI-2016-TN-008). Carnegie Mellon University, Software Engineering Institute's Digital Library, Software Engineering Institute, 25 Oct. 2016. https://insights.sei.cmu.edu/library/a-mapping-of-the-federal-financial-institutions-examination-council-ffiec-cybersecurity-assessment-tool-cat-to-the-cyber-resilience-review-crr/. Accessed 22 Dec. 2024.

Pinckard, Jeffrey; Rattigan, Michael; & Vrtis, Robert. A Mapping of the Federal Financial Institutions Examination Council (FFIEC) Cybersecurity Assessment Tool (CAT) to the Cyber Resilience Review (CRR). CMU/SEI-2016-TN-008. Software Engineering Institute. 2016. https://insights.sei.cmu.edu/library/a-mapping-of-the-federal-financial-institutions-examination-council-ffiec-cybersecurity-assessment-tool-cat-to-the-cyber-resilience-review-crr/